Application Security Engineer

company banner
BayOne Solutions
Java or Kotlin OR Nodejs OR Python, SAML OR OAuth security experience
Full Time
$160,000 - $180,000

Job Description

We have opening with our direct client for Application Security Engineer for full time position with 100% remote work.

 

Please go through the requirement and send me your updated resume

 

Application Security Engineer

Location: Remote work

Duration: Full time

 

The Application Security Engineer will integrate security features, tools, and validation/detection processes into the product development lifecycle. This role will work closely with Product and Engineering organizations to model cyber security threats, coordinate or perform proactive vulnerability scan, penetration test, develop tools and processes to automate the identification of security flaws, and identify effective mitigating controls where feasible in the application stack to build resilience into the products. The candidate will partner with Engineering Teams to diagnose, document, and remediate application security vulnerabilities. Additional responsibilities include evaluating, recommending, and implementing application security related solutions in an automated continuous integration/deployment environment. Further, the engineer must be comfortable leading and training developers in secure SDLC best practices. Candidates with strong communication, excellent creative problem-solving skills and experience working on cloud-based products will be most successful in this role. 

 

Experience & Skills:

  • 5+ years of software development experience
  • Deep expertise in software development with elements of security is a must
  • Experience building software solutions using common programming languages like Java, Kotlin, Node.js, and Python
  • Familiarity with Cybersecurity Frameworks including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, etc.
  • Thorough knowledge of OWASP Top 10 & ASVS
  • Deep knowledge of cryptography, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, JWT Tokens
  • Ability to collaborate and provide clear point of view to multiple teams, ensuring results are aligned with company business objectives and delivered within planned timelines
  • Outstanding written and oral communications skills with the ability to develop internal processes and articulate assessment results
  • Preferably certified in at least one or more of the following security certifications: CISSP, CISM, CEH, GCIH, GCSA, Google Cloud PlatformN, GSEC

 

Responsibilities:

  • Partner with Product Development Teams to formulate and implement a strategy for software security that is tailored to the specific risks faced by the product and its targeted consumers
  • Conduct application security assessments and aggregate threat intelligence regularly to identify attack vectors against applications and products
  • Perform threat modeling/ design risk analysis/ security assessments in partnership with engineering and product partners, providing guidance that balances security requirements with functional requirements
  • Mitigate risk by updating the protection mechanism by leveraging appropriate tools and solutions
  • Develop and maintain a risk-based application security program based on a well-defined application security framework
  • Develop application security awareness and training curriculum in collaboration with Engineering Organization
  • Drive development of common security solutions and frameworks  including but not limited to Application and API Identity and Access Management
  • Continuously evaluate the organization's existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the engineering organization
  • Coordinate or conduct application penetration testing and drive remediation efforts to completion
  • Identify, develop, and integrate security testing tools, including but not limited to SAST, IAST, and SCA, into continuous integration and continuous development framework
  • Provide recommendations on security requirements to be included in product design and security testing
  • Provide recommendations to the Risk Management Framework process activities and related documentation
  • Research and design ways to achieve risk reduction objectives in creative ways, including rapidly growing our current tool stack where appropriate
  • Ensure integrity and confidentiality of data
  • Key member of the security incident response team
  • Document security processes and standards

 

Preferred Experience & Skills:

  • Prior experience in cloud-based product environments 
  • Prior experience with modern application architecture (API based), and Web / Mobile applications 
  • Possess a desire to (ethically) break into things and can communicate the attack scenarios and mitigation options based on standard framework

 

Thanks and Best regards,

Amin Shaikh

BayOne Solutions

Email: 

Phone:

BayOne awarded SFBT Fast100 award



Company Information

BayOne has succeeded in serving our clients’ hunger for a scalable, low latency team by nurturing deep pools of talent. We have a rigorous screening and evaluation process, and we value referrals, contribution to tech forums and client recommendations. We can ramp-up or ramp-down teams with low latency of response. Our mentors and industry experts provide education on leading topics, and hands-on training with industry relevant use cases to help clients’ existing workforce to quickly retool themselves and stay relevant being part of a thriving and productive workforce of the future.

Dice Id : 10494547
Position Id : 7123883
Originally Posted : 2 weeks ago

Similar Positions at BayOne Solutions

Software Engineer
  • ,
  • 20 hours ago
DevOps Engineer
  • ,
  • 2 weeks ago
Information Security Engineer
  • Austin, TX
  • 20 hours ago